Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1764

SPIRE Operator on Red Hat OpenShift Integration with OpenShift Service Mesh

XMLWordPrintable

    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-1691Supporting SPIFFE/SPIRE for Workload Identities in OpenShift
    • 100% To Do, 0% In Progress, 0% Done
    • 0

      Feature Overview (aka. Goal Summary)  

      Workload identity is a key part of the zero-trust model. The SPIRE project aims to simplify the management and distribution of workload identities in the form of cryptographically verifiable identity documents. There is an increasing interest and uptake in this space within the Cloud native ecosystem.  The goal is to give customers a practical and scalable way to establish trust in a multi-cloud, multi-platform environment. It will strengthen OpenShift’s security capabilities and value-add as organizations harden their security policies. 

      Goals (aka. expected user outcomes)

      This effort is to integrate SPIRE Operator with RHOSM and provide federation support 

       

      Requirements (aka. Acceptance Criteria):

       

      Activity Dependencies  Dependency contacts
      Service Mesh already supports SPIRE upstream. This effort is to integrate Operator with RHOSM and provide federation support  OpenShift ServiceMesh team  Jamie Longmuir Nir Yechiel

       __ 

       

      Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed.  Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.

      Deployment considerations List applicable specific needs (N/A = not applicable)
      Self-managed, managed, or both Self-managed
      Classic (standalone cluster) Y
      Hosted control planes Y
      Multi node, Compact (three node), or Single node (SNO), or all  
      Connected / Restricted Network  
      Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x)  
      Operator compatibility  
      Backport needed (list applicable versions)  
      UI need (e.g. OpenShift Console, dynamic plugin, OCM)  
      Other (please specify)  

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios.  Initial completion during Refinement status.

      <To be added> 

      Questions to Answer (Optional):

      Include a list of refinement / architectural questions that may need to be answered before coding can begin.  Initial completion during Refinement status.

      <your text here>

      Out of Scope

      High-level list of items that are out of scope.  Initial completion during Refinement status.

      <your text here>

      Background

      Provide any additional context is needed to frame the feature.  Initial completion during Refinement status.

      <your text here>

      Customer Considerations

      Provide any additional customer-specific considerations that must be made when designing and delivering the Feature.  Initial completion during Refinement status.

      <your text here>

      Documentation Considerations

      Provide information that needs to be considered and planned so that documentation will meet customer needs.  If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.

      <your text here>

      Interoperability Considerations

      Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact?  What interoperability test scenarios should be factored by the layered products?  Initial completion during Refinement status.

      <your text here>

              atelang@redhat.com Anjali Telang
              atelang@redhat.com Anjali Telang
              Jamie Longmuir, Nir Yechiel, Trilok Geer, Vishal Gaikwad
              Stephanie Stout Stephanie Stout
              David Eads David Eads
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: